Risk Assessment and Internal Controls: Key Elements to Prevent Fraud
Posting by John Merchant, CPA, CFE, CFF
Is your organization safe from fraud? The answer to that question will depend on your answers to a number of other important questions:
Are the internal controls of your organization sufficient to prevent fraud?
Did you perform a risk assessment prior to implementation of those controls?
Do you monitor the effectiveness of the system of controls?
These are some of the questions that you and those charged with the governance of your company should constantly be considering to help keep your company safe. Whether you own a small business, run a burgeoning enterprise, or oversee a charitable organization, developing a proper system of internal control and regularly monitoring risk is essential for fraud prevention.
The Committee of Sponsoring Organizations (COSO) has developed definitions and guidelines regarding the procedures that should be followed in assessing risk and developing and maintaining a good system of internal controls in order to reduce the risk of fraud. COSO defines internal controls as the processes implemented to provide reasonable assurance regarding 1) the reliability of financial information, 2) compliance with laws and regulations, and 3) effectiveness and efficiency of operations.
There are five basic elements that lead to a good system of internal control. These elements are control environment, risk assessment, control activities, monitoring, and information and communications. Let’s break these elements down to look at how they can be implemented in your company.
Business Cybersecurity Basics: Protecting Your Company from Hackers
Posting by Alex Helfand, EnCE
As an executive, what keeps you up at night? Many leaders fret about revenue growth, client retention, and, increasingly, the possibility of fraud or cyberattacks. If you are worried about your business’s cybersecurity, you’re not alone: a recent survey (PDF) by the National Small Business Association (NSBA) shows that 94% of business owners are worried about this issue.
Unfortunately, these fears are not baseless. Nearly half of the survey respondents reported that their businesses were victims of cyberattacks, and recent research from Symantec reports that there was a 42% surge in internet attacks during 2012. In addition to data losses and service interruptions, these attacks can be costly. NSBA respondents reported average losses of $7,000 when their bank accounts were hacked.
Business Fraud: How to Recover Your Money and Prosecute the Fraudster
Posting by Joel Susco, CPA
Organizations with fewer than 100 employees are the most common victims of business fraud, with a significant estimated median loss of $147,000 in a 2012 report. One of the primary reasons an organization will hire a forensic accountant or Certified Fraud Examiner (CFE) is to uncover details and proof of business fraud, in order to prosecute the fraudster(s) and then recover as much of the missing funds as possible. It is not, however, as simple as discovering that there seems to be a fraud case and then expecting the natural working of the law to help recover the money. First you need to establish whether you have a case and, if so, what type of case, and decide if it is worth prosecuting based on several factors. And alas, recovering all the missing money is not so straightforward either. Following are some considerations for fraud investigation and prosecution to achieve the best possible outcome.